I upgraded from 5.4 to 6.1 the other day, mostly just to play around with pf‘s new features.
The new feature I’m excited about is overload (you’ll have to search that page for it). pf lets you specify connection options, such as the maximum number of connections an IP can create, the maximum number of total connections, or the maximum connection rate for an IP. With overload, you can have IPs that overload these rules added to a table, and then block them completely, either from that service or from reaching you at all.
(And as a sidenote, I’m disappointed I’ve never caught anyone using OpenBSD at ServePath. I hope this is because people who use OpenBSD are generally good enough that they don’t need support, and not because nobody uses it.)
But the best new (userland) feature of 6.1 has got to be portsnap. This is a very simple tool for keeping the FreeBSD ports tree current. In the past a tool called cvsup was used to keep the ports tree up to date, and it’s pretty serviceable (it’s still used for other aspects of the FreeBSD CVS repository, such as src and doc), but portsnap just flies.
Every now and then I’ll come across programs like this that just work right. portsnap for the ports tree, lftp for FTP, screen for, well, everything.
I’ve been thinking for a long time now how important good tools are. People care deeply about their tools. Have you ever read people arguing about vi v. emacs and wondered, “What is wrong with these people?” The answer is simple: these are people who care very deeply about the tools they use. And it’s not limited to linux dweebs. Some of the people who designed the very protocols of the Internet feel this way. The book “TCP/IP Illustrated” has the following passage:
The keepalive timer is a controversial feature. Many feel that this polling of the other end has no place in TCP and should be done by the application, if desired. This is one of the religious issues, because of the fervor expressed by some on the topic.
Now why would very many very (supposedly) intelligent people care so much about, for example, a text editor? Yes, good tools are nice, but can’t you accomplish just as much in Notepad? The answer is, no, you can’t. Good tools are not different from bad tools in that they have nifty features, or that they help you out, good tools are different because they get out of your way. This is what lets you do real work; you can only do it everything irrelevant is out of mind.
This is why, I bet, you hear (for example) horror stories about management making bogus IT choices. What management wants is to focus on, well, I don’t pretend to know what management focuses on, but it isn’t servers and firewalls. They want not to be thinking about servers and firewalls. So they are going to like the idea of servers and firewalls that “just work”.
Whereas IT really wants to be thinking about servers and firewalls. They want to make their servers and firewalls as good as possible. So the solutions they will be looking for are the most configurable, open, tweakable servers and firewalls they can find, and everything that gets between a sysadmin and his ability to tweak servers and firewalls is bad. So they demand text editors like vim or emacs, and in general prefer open source and free software to Microsoft.
Meanwhile, HR just wants to be able to print files.
I forget where I was going with this. Oh yeah. So everyone needs different tools to be productive, and you have no hope of ever satisfying anyone.
Wait that wasn’t it.
Oh yeah. So everyone needs good tools to be productive, and if you aren’t using good tools, then you’re wasting time and energy wrestling with what should be non-issues. Me, I use FreeBSD and pf, your mileage may vary. But don’t settle with something because you’ve been sold on it, or because you have it and it works. Notepad works, but you can’t do much with it.
Next week sometime I’ll come up with some criteria for what makes a tool good (specifically sysadmin tools).
Recent Comments